Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cuando la criptografía falla: autenticación con ondas cerebrales.

752 views

Published on

When cryptography fails: authentication brainwaves. Alfonso Muñoz (i4s).

Curso de Verano 'Ciberseguridad y Fintech'.
'Cybersecurity & Fintech' Summer Course.

Published in: Technology
  • Be the first to comment

Cuando la criptografía falla: autenticación con ondas cerebrales.

  1. 1. CURSO DE VERANO CIGTR 2016: Cybersecurity & FinTech Dr. Alfonso Muñoz – Senior Cybersecurity Expert Twitter: @mindcrypt Email: alfonso.munoz@i4s.com| alfonso@criptored.com Linkedin: https://es.linkedin.com/in/alfonso-muñoz-phd-1984141b
  2. 2. 2 About me Linkedin: https://es.linkedin.com/in/alfonso-muñoz-phd-1984141b Twitter: @mindcrypt alfonso.munoz@i4s.com | alfonso@criptored.com Dr. Alfonso Muñoz – Senior Cybersecurity Expert
  3. 3. 3 “El único ordenador realmente seguro es el que está apagado, desenchufado, encerrado en una cámara de titanio, enterrado en un bunker rodeado de gas nervioso y protegido por guardias bien pagados. Aún así no apostaría mi vida en ello” - Spaf “Dos amigos están dando un paseo por el bosque cuando un oso empieza a perseguirlos. Uno de ellos echa a correr y su amigo le dice: “¿Estás loco? ¡No podemos correr más que un oso!”. El primero responde: “No necesito correr más que el oso. Me basta con correr más que tú”. https://en.wikipedia.org/wiki/Gene_Spafford http://blog.jeremiahgrossman.com/
  4. 4. 4 https://www.youtube.com/watch?v=k76qLOrna1w “El mundo está mirando a los criptógrafos….”
  5. 5. 5
  6. 6. 6 • Duncan Campbell – Informe COMIT Interception Capabilities 2000 – http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A5-2001-0264+0+DOC+PDF+V0//EN • Privacidad e interceptación de telecomunicaciones. Echelon, Carnivore (DCS1000), OSEMINTI, SITEL, “Frechelon”, INDECT (DPI), PRISM… Hay cosas que sabemos que sabemos. También hay cosas desconocidas conocidas, es decir que sabemos que hay algunas cosas que no sabemos. Pero también hay cosas desconocidas que desconocemos, las que no sabemos que no sabemos. Donald Rumsfeld, 2002. Secretario Estadounidense de Defensa
  7. 7. 7 http://www3.weforum.org/docs/Media/TheGlobalRisksReport2016.pdf
  8. 8. 8
  9. 9. 9
  10. 10. 10
  11. 11. 12 http://www.elmundo.es/tecnologia/2016/02/04/56b327c5e2704e20708b45aa.html
  12. 12. 13
  13. 13. 14 • Fitbit – Ejercicio y consumo de calorías http://techcrunch.com/2011/07/03/sexual-activity-tracked-by-fitbit-shows-up-in-google-search-results/
  14. 14. 15
  15. 15. 16 Mateo 7:16 Por sus frutos los conoceréis. ¿Acaso se recogen uvas de los espinos o higos de los abrojos?
  16. 16. 17
  17. 17. 18 https://prism-break.org/es/ Ataques sobre la identidad de las entidades (interceptación y suplantación). Ataques sobre la información (revelación, reenvío, manipulación y repudio de datos). Ataques sobre los servicios (negación del servicio y apropiación).
  18. 18. 19http://securityaffairs.co/wordpress/43435/hacking/kybernetiq-magazine-cyber-jihad.html
  19. 19. 20 “If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology”. – Bruce Schneier Servicios de seguridad: Confidencialidad, integridad, autenticidad, no repudio, control de acceso, disponibilidad  Mecanismos de seguridad  Criptografía https://www.schneier.com/ ¿ ? • Usabilidad - ¿Quién usa criptografía? • Identificación de la fuente transmisora • Limitaciones de la criptografía - diseño • Mundo real • Potencia de cálculo
  20. 20. 21
  21. 21. 22 • CRIPTOGRAFIA CLÁSICA < años 40 Siglo XX (seguridad basada en oscuridad) – principios de Kerckhoffs (1883) - Auguste Kerckhoffs La cryptographie militaire • CRIPTOGRAFÍA MODERNA > años 40 siglo XX (teoría de la información – Shannon 1948/1949)
  22. 22. 23 • CRIPTOGRAFIA CLÁSICA < años 40 Siglo XX (seguridad basada en oscuridad) – principios de Kerckhoffs (1883) - Auguste Kerckhoffs La cryptographie militaire
  23. 23. 25 - Teoría de la información – Shannon (1948/1949)  Difusión y confusión (formalización) - La criptografía depende de claves: eso es un problema!!! - Secreto perfecto – OTP (One Time Pad)  Criptografía de flujo (RC4, …) Proyecto VENONA - https://es.wikipedia.org/wiki/Proyecto_Venona - Criptografía simétrica/asimétrica – bloques (bits) Cifrado polialfabético+poligrámico+modos de cifrado ¿Criptografía en tiempo real? ¿Protección de grandes volúmenes de información? ¿Validación distribuida? ¿Cloud-multiproveedor? ¿Cifrado reversible…?
  24. 24. 30
  25. 25. 31 - TOP 1: La gente no usa criptografía (Ransomware) - TOP 2: Criptografía mal implementada – (Principio de House) - TOP 3: “La criptografía no se ataca se esquiva…” http://www.bankinfosecurity.com/ransomware-hits-hospitals-a-8872
  26. 26. 32 - TOP 2: Criptografía mal implementada – (Principio de House) http://jpinsoft.net/DeepSound/
  27. 27. 33 - TOP 2: Criptografía mal implementada – (Principio de House) - Moxie Marlinspike: Cuando una Autoridad Certificadora firma un certificado presta atención al campo CN (Common Name). Los estándares de certificado X.509 y SSL definen la cadena CN como una cadena PASCAL. Sin embargo, la mayoría de software de procesamiento de certificados está escrito en C - fin de cadena con NULL (0). El problema llega cuando alguien obtiene un certificado de la forma www.bancolegitimo.com0www.atacante.org. Cuando se procesa por un navegador, sólo se leerá la primera parte, www.bancolegitimo.com, permitiendo falsificar fácilmente al banco. La solución más fácil a este problema es que las entidades certificadoras rechacen todos los certificados que contuvieran el carácter NULL. ¿Rompemos Internet?: BEAST (2011), CRIME (2012), BREACH (2013)… EKOPARTY (2012): Juliano Rizzo y Thai Duong - herramienta CRIME (Compression Ratio Info-Leak Mass Explotaition)
  28. 28. 34 - TOP 2: Criptografía mal implementada – (Principio de House) EKOPARTY (2012): Juliano Rizzo y Thai Duong - herramienta CRIME (Compression Ratio Info-Leak Mass Explotaition) • Inyección de código en el navegador y funcionamiento algoritmos de compresión (TLS/SSL compression)  predecir información en los datos cifrados • Idea: Construir mensajes byte a byte y analizar si el número de bytes enviado es menor o no (mejor comprensión). Si es menor, el mensaje inyectado coincidirá con otro existente. De esta forma y mediante múltiples peticiones es posible descubrir, por ejemplo, información de una cookie de sesión intercambiada a través de SSL. • Curiosamente la utilización del algoritmo RC4 en lugar de cifrados en bloques como CBC o habilitar la compresión de datos hace factible el ataque (recuérdese que esas fueron unas de las soluciones temporales recomendadas contra BEAST). • Condiciones: Compresión en ambos extremos, inyectar código en la víctima, acceso a tráfico • BREACH: HTTP compression  http://breachattack.com/
  29. 29. 35 - TOP 3: “La criptografía no se ataca se esquiva…”
  30. 30. 36 - TOP 3: “La criptografía no se ataca se esquiva…”
  31. 31. 37 - TOP 3: “La criptografía no se ataca se esquiva…” – Ataques laterales
  32. 32. 38 - TOP 3: “La criptografía no se ataca se esquiva…” – Acceso físico • PC infectado – recuperar clave o intervenir en el proceso de cifrado (TrueCrack, Passware Kit Enterprise, Vfdecrypt…) • Ataques de acceso directo a memoria (IEEE 1394 Firewire, PCI, usb…) - Tool: Elcomsoft Forensic Disk Decryptor… • Cool boot attacks In cryptography, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents which remain readable in the seconds to minutes after power has been removed. https://en.wikipedia.org/wiki/Cold_boot_attack
  33. 33. 39
  34. 34. 40 - ¿Criptografía simétrica o asimétrica? - ¿Qué algoritmo elegir? - Potencia de cálculo – mundo académico vs mundo real http://www.neoteo.com/colossus-un-coloso-secreto- contra-enigma-16078 https://en.wikipedia.org/wiki/EFF_DES_cracker (1998) In 1977, Diffie and Hellman proposed a machine costing an estimated US$20 million which could find a DES key in a single day
  35. 35. 41 CALCULO A LO BRUTO BASADO EN TOP-500: TIANHE-2 – 33.86 PETAFLOPS/S (33.860.000.000.000.000 operaciones de coma flotante por segundo)– 300 MILLONES DE DÓLARES. SUPONGAMOS 1 OPERACIÓN = LA EJECUCIÓN DEL ALGORITMO DE CIFRADO Y TEXTO EN CLARO/TEXTO CIFRADO. 33.860.000.000.000.000 aprox 254 ejecuciones/s Algoritmo de Cifrado de 128 bits  2128/254 = 274 segundos  5*1014 años (más que la edad del universo) Tiempo Real = 300 millones de dólares * 274 >>>>> PIB USA
  36. 36. 42 https://en.wikipedia.org/wiki/Rainbow_table
  37. 37. 43 - ¿Qué hacemos si se introduce una clave incorrecta N veces? ¿Aplicable a la criptografía?
  38. 38. 44 - Hablemos de la “bicha”: Computación cuántica - ¿Afecta por igual a la criptografía simétrica y asimétrica? - Edward Snowden: “far far away…” http://www.nature.com/news/google-moves-closer-to-a-universal-quantum-computer-1.20032 http://www.cbc.ca/news/technology/d-wave-quantum-1.3525566 https://www.technologyreview.com/s/600715/nsa-says-it-must-act-now-against-the-quantum-computing-threat/ https://www.schneier.com/blog/archives/2015/08/nsa_plans_for_a.html
  39. 39. 45 • Limitaciones de la criptografía: robustez, implementación, seguridad computacional • Las claves son incómodas. Seguridad para todos… ¿usabilidad? • Los problemas vienen de una arquitectura no confiable • ¿Existe solución para la identificación remota “segura”? • Infraestructura PKI ¿caducada? ¿alternativas? – Convergence - Moxie Marlinspike (notarios), … – Certificate Transparency, Certificate pinning, … • CLOUD: Cryptography as a service, key as a service, … – Cliente, transmisión, cloud - ¿Seguridad por oscuridad? – ¿Privacidad de los datos – clave? ¿Criptografía en tiempo real? ¿Protección de grandes volúmenes de información? ¿Validación distribuida? ¿Cloud-multiproveedor? ¿Cifrado reversible…? ¿Claves aleatorias? ¿Qué algoritmo elegir? Gabriel Gonzalez - Man-In-Remote: PKCS11 for fun and non-profit (Rooted CON 2011) - https://vimeo.com/27257442
  40. 40. 46
  41. 41. 47 - Criptografía Cuántica – Solucionar el problema de distribución de claves (*) - Criptografía Post-Cuántica – Mejorar seguridad computacional - Criptografía homomórfica (*) – Minimizar impacto de la gestión de claves https://eprint.iacr.org/2015/1018.pdf https://en.wikipedia.org/wiki/Homomorphic_encryption
  42. 42. 48 Y… ¿Para eliminar contraseñas?
  43. 43. 49
  44. 44. 50
  45. 45. 51
  46. 46. 52
  47. 47. Neuroscience… for dummies Es preciso sacudir enérgicamente el bosque de las neuronas cerebrales adormecidas; es menester hacerlas vibrar con la emoción de lo nuevo e infundirles nobles y elevadas inquietudes Dr. Santiago Ramón y Cajal
  48. 48. Reading minds (brainwaves)… • Methods: Invasive vs Non-Invasive • Ethical issues? Social problems? Super human?... Secret projects? Exocortex? Remote viewing?, Telepathy?, MK-ULTRA, DARPA (since 1970)… Braingate: The Brain-Computer Interface That Let a Quadriplegic Woman Move a Cup Search for Paradise: A Patient's Account of the Artificial Vision Experiment
  49. 49. Non-Invasive methods… • EEG (electroencephalography), MEG (magnetoencephalography), fMRI (functional magnetic resonance imaging), NIRS (near infrared spectroscopy)… • EEG is a commonly used non-invasive method Representation over time of the voltage generated by electrodes recorded at different regions of the brain. The EEG is produced by synaptic activity of cortical neurons.
  50. 50. EEG: What and Where to measure? • Delta (below 4 Hz) Deep (dreamless) sleep, loss of bodily awareness • Theta (4-8 Hz) Reduced consciousness, deep meditation, dreams, light sleep, REM sleep • Alpha (8-14 Hz) Physically and mentally relaxed, awake but drowsy Creativity, creative problem-solving, right-brain thinking, light meditation, relaxation, intuition, creative visualization and openness to self-programming • Beta (14-30 Hz) Awake, normal alert consciousness Focus/concentration, attention, alertness, analytical/logical thinking • Gamma (30 Hz and above) Heightened perception Euphoria, ecstasy, …
  51. 51. • EEG activity is quite small, measured in microvolts (μV) with the main frequencies of interest up to approximately 30 Hz. • ERP (event-related potential): P300, N200, N400.. “The current brain technologies are like trying to listen to a conversation in a football stadium from a blimp” John Donoghue An ERP is the measured brain response that is the direct result of a specific sensory, cognitive, or motor event. EEG: What and Where to measure?
  52. 52. What and Where to measure? 10-20 System (Internationally recognized method) https://en.wikipedia.org/wiki/10-20_system_%28EEG%29
  53. 53. BCI Devices: How to measure? • Expensive hardware $$$$ (clinical use, military, mental surveillance …) – BioSemi – TruScan EEG (Deymed) – Cadwell Easy II EEG PSG – EnoBIO… • Cheap hardware $$$ (entertainment, sports, …) – NeuroSky Mindwave (from 79$) – EPOC Emotiv (from 399$) – Wearables EEG Headsets/Biofeedback (Muse, Melon, Versus…)
  54. 54. BCI Devices: How to measure? • Custom & DIY – Arduino Brain Library, EPOC Python Library, NeuroPy, EyeWire... – OpenEEG project , OpenBCI, OpenVIBE, OpenHardwareExG, Hack a day… – Software: NeuroServer, BioEra, BrainBay, Brainathlon, BioExplorer, Neuroph, EEGlab… A 15-Year-Old Builds a Mind-Controlled Robotic Arm (Arduino prosthesis)
  55. 55. My low-cost device (BCI): Neurosky Mindwave… Demo – Brain Visualizer http://developer.neurosky.com/ https://github.com
  56. 56. Some code … import neurosky.*; //… public void setup() { ThinkGearSocket neuroSocket = new ThinkGearSocket(this); try { neuroSocket.start();} catch (ConnectException e) {e.printStackTrace();} } public void stop() { neuroSocket.stop(); } public void blinkEvent (int blinkStrength) {} public void attentionEvent (int attentionLevel) {} public void meditationEvent (int meditationLevel){} public void poorSignalEvent (int signal){} // 200 - ThinkGear electrodes aren't contacting a person's skin. public void eegEvent (int delta,int theta, int lowAlpha, int highAlpha, int lowBeta, int highBeta, int lowGamma, int highGamma){} public void rawEvent (int []values){} // http://developer.neurosky.com/docs/doku.php?id=thinkgear_communications_protocol
  57. 57. Playing… (demo time) http://store.neurosky.com/products/the-adventures-of-neuroboy-bci-technology-demo
  58. 58. In the real life… • Clinical Uses (e.g., diseases) • Entertainment, sports, and wearables • Military • Mental surveillance (national security, law enforcement,…) • B2B – brain to brain Interface • Neurofeedback and art • Neuromarketing • NeuroWare / emotion recognition • EEG dating • “Control things or people*” • Computer security? • Accelerated and augmented learning
  59. 59. In the real life (more examples)…
  60. 60. In the real life (more examples)… http://www.sciencedirect.com/science/article/pii/S0165027014002702 Restore neural and behavioral function: Revolutionitizing prosthetics, reorganization and plasticity to accelerate injury recovery, Co-adaptive BCI for restoration of sensorimotor function, restorative Encoding memory integration neural device, reliable neural interface technology… Improve human training and performance: Accelerated learning, narrative networks, neurotechnology for intelligence analysts, Cognitive technology threat warning system, low-cost EEG technologies…
  61. 61. Security in EEG (Electroencephalography)… • Acquisition, storage, processing and transmission – (In)security in EEG (Electroencephalography) Technologies – Defcon23 (2015) Alejandro Hernández (@nitr0usmx) IOActive. https://goo.gl/r5PVLA – No encryption/no authentication, replay attacks, MiTM, DoS, storage and formats (brainwaves are data), jamming (Wi-FI, bluetooth, …), EEG equipment (Shodan)… – Unauthorized person could read someone’s brain activity or impersonate someone’s waves… • What about cryptography with brainwaves? – Authentication, ciphering, password and PIN generation (thinking), random numbers… – Cryptographic primitives… – Authentication y authorization
  62. 62. PART I - Authentication based on mind?
  63. 63. Authentication based on mind? • Passwords (problems): To create, memorize, store and distribute • Passwords: 30+ years killing them... (lost battlefield?) – Improving passwords: when my password is used, avoiding brute force attacks (delays, temporary lockout, salts, PBKDF2, Argon2, key stretching, graphical passwords…). – Public cryptography? Quantum cryptography? – Multifactor authentication (human-friendly technology?) • Rubber-Hose / Black-bag cryptanalysis - Using torture or coercion to extract the password (by force or by law) - Stealing the password (keystroke logging, malware, side-channels…)
  64. 64. Advantages (BCI devices) for authentication • Mental tasks - authentication - Resilient to shoulder-surfing attacks & dictionary attacks. E.g., pass-thoughts - Mental tasks do not need to be secret* (can be written down on paper) - They can be changed if they are compromised (other biometric solutions can’t) - EEG can be recorded continuously, allowing for continuous authentication* - Can be used to determine life – only live people have EEG activity*. • Two-factor authentication (2FA) - An inherence factor (brain) and a knowledge factor (a chosen passthought). • Key generation or authentication*: Plausible deniability | deniable encryption - EEG signals can be easily affected and governed by the user, but they cannot be easily reproduced under conditions of stress, anxiety, drowsiness, effects of alcohol or drugs… • Brainprint: A unique pattern for every human* In theory…
  65. 65. Authentication methods using the mind… • Signal acquistion: multi-channel vs. single-channel EEG • Mental tasks (conscious vs unconscious)  brainwaves  feature extraction • Feature extraction: Discrete Fourier Transform, Wavelet Packet Decomposition, Power Spectral Density, AR model, Shannon Entropy… • Classification: QDA, LDA, NN, SVM, KNN, … EEG Recordings
  66. 66. • Mental tasks are useful for authentication, identification, generating keys, … • EEG recording while: – Relaxed with eyes closed – Exposed to visual/audio stimuli • Text, 3D objects, … • Visual Evoked Potential (VEP) … • P300 event-related potential (ERP), .. – Performing mental tasks • Breathing task • Simulated Finger Movement • Sports task • Object counting task • Pass-thought Authentication methods using the mind…
  67. 67. • Researched “only” with multi-channel EEG (cost/Usability*) • Demystifying: Resistance to dictionary attacks? Replay? Problems - Authentication methods using the mind… • Brainwaves: alpha, P300, beta, gamma, … • Login/enrollment process  Training and time? • Validation: Few subjects (a few dozens) • Accuracy: 60 to 100% • Stability  Time effect on mental authentication task? • Reproducibility  Emotions? Plausible deniability? • Subject database*: Publicly available databases?
  68. 68. NeuroSky: Authentication with BCI (low-cost) • Single-channel EEG authentication (NeuroSky Mindwave) can be just as accurate as multi-channel EEG authentication. • Usability: Different categories of mental tasks score very differently in terms of user-perceived difficulty and enjoyability. • Single-channel EEG signals do exhibit patterns that are subject-specific (mental tasks collected over different experimental sessions on different days).
  69. 69. Authentication with BCI (low-cost) Details: I Think, Therefore I Am: Usability and Security of Authentication Using Brainwaves – John Chuang et al. • Study with 15 subjects, 40-50 minute sessions on separate days, two session/subject. • Mental-tasks repeated 5 times en each session / each subject – Breathing Task (breathing) – Subjects close their eyes and focus on their breathing for 10 seconds – Simulated Finger Movement (finger) – Subjects imagine in their mind that they are moving their right index finger up and down in sync with breathing, without actually moving their finger, for 10 seconds – Sports task (sport) – Subjects select a specific repetitive motion from a sport of their choosing. They then imagine moving their body muscles to perform the motion, for 10 seconds – Song/Passage Recitation Task (song) – Subjects imagine that they are singing a song or reciting a passage for 10 seconds without making any noise – Eye and Audio Tone Task (audio) – Subjects close their eye and listen an audio tone for 5 seconds, after open their eyes and stare at dot on a piece of paper for 5 seconds – Object counting task (color) – Subjects count boxes (in images) corresponding to their choose color for 30 seconds (each image for 5 seconds, 6 times) – Pass-Thought Task (pass) – Subjects focus on their pass-thoughts for 10 seconds
  70. 70. Authentication with BCI (low-cost) Details: I Think, Therefore I Am: Usability and Security of Authentication Using Brainwaves – John Chuang et al. • Data corresponding to the alpha (8-12 Hz) and the beta wave (12-30 Hz) • Raw events  for each frequency component  to compute the median magnitude corresponding to that frequency (over all time)  one- dimensional column vector with one entry for each measured frequency • Authentication system  Similarity amongs signals (vectors) – Similarity gives a value between 0 and 1, where a similarity of 1 would indicate a perfect match – Self-similarity: The similarity of signals within a single subject – Cross-similarity: The similarity of signals between different subjects – Authentication protocol: Fixed mental-task and a threshold T for each subject – Similarity: Random 5 samples/user (stored) vs. sample from input
  71. 71. Authentication with BCI (low-cost) Details: I Think, Therefore I Am: Usability and Security of Authentication Using Brainwaves – John Chuang et al. • Results 1.1% • Limitations and future work Very promising, but we need more results Set of subjects reduced (15 subjects)  main problem Enrollment process around 45 minutes Authentication from 5 to 30 seconds Usability and accuracy of authentication: Choose and repeat a mental task • Repeat: color, breathing, song, audio, pass, sport, finger • Difficult: pass, sport, song, finger, audio, breathing, color
  72. 72. Usability- Authentication with BCI (low-cost) Details: I Think, Therefore I Am: Usability and Security of Authentication Using Brainwaves – John Chuang et al.
  73. 73. Epoc - Emotiv: Authentication with BCI (low-cost) EEG Recordings
  74. 74. 85 http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=7435286&url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel7%2F10206%2F4358 835%2F07435286.pdf%3Farnumber%3D7435286
  75. 75. Unconscious authentication: Implicit learning… • Defense against coercion attacks using the concept of implicit learning from cognitive psychology (2012). • Implicit learning as a cryptographic primitive https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final25.pdf My crazy idea: Brain to Machine covert channel? Plausible deniability?
  76. 76. Details: Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks – Hristo Bojinov et al. Unconscious authentication: Implicit learning…
  77. 77. The problem of stability… • Stability & reproducibility: Long-term stability of human brain activities?… • Affected by “emotions” (stress, calm, excited, …)? EEG-based emotion recognition: accuracy is improved by stressed emotion while it is degraded by the excited emotions • How much time do I need to repeat the enrollment process or to re-cipher information? • Low-cost BCIs are not useful for real applications? May 2014
  78. 78. PART II – Generating keys with the mind… • Is it possible to create cryptographic keys? To encrypt information (P300, gamma,…)*? • A lot of research on how to encrypt EEG signals with “standard“ cryptographic algorithms (e.g., LSFR, chaos based cryptosystems, …) • Few researches?*
  79. 79. Generating keys with the mind… • 10 subjects (61 wet electrodes) 82.05 to 100% (TP) 27.22% (TN) • Gamma band frequencies – repeatable and unique encryption key? Time? • Stimulus: Snodgrass and Vanderwart pictures (how?) Details: Data encryption using event-related brain signals. Ravi et al. “These pictures are common black and white line drawings like an airplane, a banana, a ball, etc. executed according to a set of rules that provide consistency of pictorial representation. The pictures have been standardized on variables of central relevance to memory and cognitive processing…” Current problems: Reproducibility and stability (solutions?)
  80. 80. Generating keys with the mind… Idea: Authentication & Encryption P300-pattern “Stored key” Error-tolerant encryption Cryptographic hash … Authentication OK Cryptographic Key Plain text Ciphertext
  81. 81. PART III. Generating “random” numbers (low-cost)… • Previous work: PRNG based on new HCI devices entropy sources: Wii remote study case (ACM paper - 2009)... • PoC - RNG with brainwaves... (NeuroSky - demo time) https://www.random.org  https://www.brainrandom.org
  82. 82. Useful for cryptography? • Are they “pure”? Do they have cryptographic utility? Quality depends on the device/brain activity…? • Statistical attacks & NIST 800-22 A Statistical test suite for Random and Pseudorandom Number Generators for Cryptographic Applications
  83. 83. Brainwaves samples – NeuroSky Mindwave
  84. 84. “Filtered” brainwaves …
  85. 85. Raw data - brainwaves (512Hz)
  86. 86. Brainwaves samples “without” brain…
  87. 87. Raw data: “Random” numbers without brain…
  88. 88. Statistical attacks & NIST 800-22 • Some Statistical test: frequency, block frequency, cumulative sums, runs, longest run of ones, rank, discrete Fourier transform, nonperiodic template matchings, entropy, serial, linear complexity,… A Statistical test suite for Random and Pseudorandom Number Generators for Cryptographic Applications • Brain vs Brain: (Filtered&not) Brainwaves & Raw data (delta, beta, theta, low-high alpha, low-high gamma) • Using the “brain” as an entropy source*…
  89. 89. “Random” numbers with multi-channel devices?…
  90. 90. “Random” numbers with multi-channel devices?…
  91. 91. Mental surveillance & brain-malware… https://keysduplicated.com/~ali/helmet/
  92. 92. Mental surveillance & brain-malware… • Privacy for thoughts!!! • Mental Surveillance & brain fingerprinting – Brain fingerprinting is a forensic science technique that uses electroencephalography (EEG) to determine whether specific information is stored in a subject's brain. It consists of measuring and recording a subject's electrical brainwaves and brain response known as P300-MERMER (Memory and Encoding Related Multifaceted Electroencephalographic Response) after the subject is exposed to words, phrases, or pictures on a computer screen. • Law Enforcement, Counter-terrorism, National Security… • http://brainwavescience.com “Far more accurate than a polygraph… It is highly accurate over 99.9%... It can be applied over 85-90% civil and criminal cases…
  93. 93. Mental surveillance & brain-malware… http://www.theverge.com/2015/2/2/7951549/brain-fingerprinting-technology-unproven-courtroom-science-farwell-p300
  94. 94. http://www.au.af.mil/au/awc/awcgate/gao/d0222.pdf
  95. 95. Brain hacking & mental surveillance • Are you sure that Rubber-Hose/Black-bag cryptanalysis are not posible with BCI? • Few researches* (attacks), but very promising…
  96. 96. Details: On the feasibility of side-channel attacks with brain-computer interfaces. Ivan Martinovic et al. Brain hacking & Mental Surveillance
  97. 97. Details: On the feasibility of side-channel attacks with brain-computer interfaces. Ivan Martinovic et al. Brain hacking & Mental Surveillance
  98. 98. Details: On the feasibility of side-channel attacks with brain-computer interfaces. Ivan Martinovic et al. Brain hacking & Mental Surveillance Results: 20 to 60%
  99. 99. Mental Surveillance & brain-malware…
  100. 100. Details: Subliminal Probing for private information via EEG-based bci devices. Mario Frank et al. Brain hacking & Mental Surveillance Accuracy in predicting (results): 66% to 90% (agnostic attack vs. targeted attack)
  101. 101. Conclusions • BCI technologies (low-cost EEG) are the present • BCI impact is real in common applications (E.g., B2B, B2M)
  102. 102. Conclusions • We need security in “mind”… • Demystified - Cryptography with “the mind” – Authentication: In progress… (slowly?). – Problems: Usability, repeatability & stability – Groups reduced  military, labs? – Cryptography: Not mature (publicly) – RNG/PRNG: not interesting enough? – FinTech? • Privacy (real problem) – Mental surveillance & side-channel attacks (BCI-Brain) – IDS-firewall for the brain? – Attacks always get better; they never get worse. (NSA)
  103. 103. 115 http://eu.foc.us/ Electrical brain stimulation… (to be continued)
  104. 104. More references… • Pass-thoughts: Authentication with our Minds (2005). Julie Thorpe et al. • Chapter 1. Brain-Computer Interfaces and Human-Computer Interaction. Desney Tan and Anton Nijholt • My Thoughts Are Not Your Thoughts. Benjamin Johnson et al. • People Identification with RMS-Based Spatial Pattern of EEG Signal (2012). Salahiddin Altahat et al. • Human identification with Electroencephalogram (EEG) for the Future Network Security (2013). Xu Huang et al. • C# Based EEG Encryption System Using Chaos Algorithm. Chin-Feng Lin et al. • Using Shannon Entropy as EEG Signal Feature for Fast Person Identification. Dinh Phung et al (2014) • Finding My Mu waves - http://eeghacker.blogspot.com.es/2013/10/finding-my-mu- waves.html • NeuroPass: A secure neural password based on EEG. Abhejit et al • Using brain waves as new biometric feature for authenticating a computer user in real time – Kusuma et al. • Authentication Systems: Principles and Threats. Sarah N. Abdulkader et al. • Non invasive Brain-Machine Interfaces (ESA). Carlo Menon et al • Guessing What’s on Your Mind: Using the N400 in Brain Computer Interfaces. Marijn van Vlie et al …
  105. 105. 117 Bibliografía recomendada http://tinyurl.com/3jkxg47
  106. 106. 118 Bibliografía recomendada
  107. 107. CURSO DE VERANO CIGTR 2016: Cybersecurity & FinTech Dr. Alfonso Muñoz – Senior Cybersecurity Expert Twitter: @mindcrypt Email: alfonso.munoz@i4s.com| alfonso@criptored.com Linkedin: https://es.linkedin.com/in/alfonso-muñoz-phd-1984141b

×